digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-21 19:28:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

exec_alerter.py fix

Browse Source
This commit is contained in:
thomashaw
2021-06-22 18:57:20 +01:00
parent b1c3a25c37
commit 0818070040
1 changed files with 13 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
modules/utilities/unix/logging/elastalert/files/exec_alerter.py
View File

@@ -23,21 +23,21 @@ from elastalert.util import ts_to_dt
class ExecAlerter(Alerter):
required_options = set(['command'])
def __init__(self, rule):
super(ExecAlerter, self).__init__(rule)
def __init__(self, *args):
super(CommandAlerter, self).__init__(*args)
self.last_command = []
self.last_command = []
self.shell = False
if isinstance(self.rule['command'], str):
self.shell = True
if '%' in self.rule['command']:
logging.warning('Warning! You could be vulnerable to shell injection!')
self.rule['command'] = [self.rule['command']]
self.shell = False
if isinstance(self.rule['command'], str):
self.shell = True
if '%' in self.rule['command']:
logging.warning('Warning! You could be vulnerable to shell injection!')
self.rule['command'] = [self.rule['command']]
self.new_style_string_format = False
if 'new_style_string_format' in self.rule and self.rule['new_style_string_format']:
self.new_style_string_format = True
self.new_style_string_format = False
if 'new_style_string_format' in self.rule and self.rule['new_style_string_format']:
self.new_style_string_format = True
def alert(self, matches):
# Format the command and arguments
@@ -51,9 +51,8 @@ class ExecAlerter(Alerter):
try:
subp = subprocess.Popen(command, stdin=subprocess.PIPE, shell=self.shell)
match_json = json.dumps(matches, cls=DateTimeEncoder) + '\n'
match_json = match_json.encode()
input_string = self.rule['name'] + ":||:" + match_json
stdout, stderr = subp.communicate(input=input_string)
stdout, stderr = subp.communicate(input=input_string.encode())
if self.rule.get("fail_on_non_zero_exit", False) and subp.wait():
raise EAException("Non-zero exit code while running command %s" % (' '.join(command)))
except OSError as e: